102 matches found
PT-2024-18980 · Rust-Evm · Rust-Evm
Name of the Vulnerable Software and Affected Versions: rust-evm versions prior to 0.41.1 Description: The issue is related to the record external operation feature in rust-evm, which allows library users to record custom gas changes. This feature can have bogus interactions with the call stack,...
In some cases the crowdfund can't be finalized because the minContribution amount check is after the amount is reduced
Lines of code Vulnerability details Because of a finding in the previous contest, the minContribution check is done after the amount is potentially reduced if refunding excess contribution. However this can be a problem if the maxTotalContributions - minTotalContributions is smaller than the...
App Layering - Layer Stuck in "Editing" State
Layer stuck in 'Editing' State Layer doesn't get finalized even after clicking on the 'Finalize' button...
kernel: bpf, x86: fix freeing of not-finalized bpf_prog_pack
In the Linux kernel, the following vulnerability has been resolved: bpf, x86: fix freeing of not-finalized bpf_prog_pack syzbot reported a few issues with bpf_prog_pack [1, 2]. This only happens with multiple subprogs. In jit_subprogs, we first call bpf_int_jit_compile on each sub program. And then, we cal...
VulnCheck KEV: CVE-2022-4705
The Royal Elementor Addons plugin for WordPress is vulnerable to insufficient access control in the 'wpr_final_settings_setup' AJAX action in versions up to, and including, 1.3.59. This allows any authenticated user, including those with subscriber-level permissions, to finalize activation of...
ALPINE-CVE-2022-42325
Xenstore: Guests can create arbitrary number of nodes via transactions This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. In case a node has been created in a transaction and it is later deleted in the same transaction, t...
CVE-2022-42325
Xenstore: Guests can create arbitrary number of nodes via transactions This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. In case a node has been created in a transaction and it is later deleted in the same transaction, t...
CVE-2022-34831
An issue was discovered in Keyfactor PrimeKey EJBCA before 7.9.0, related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME enrollment process, an order is submitted containing an identifier for one o...
PT-2022-22383 · Keyfactor · Keyfactor Primekey Ejbca
Name of the Vulnerable Software and Affected Versions: Keyfactor PrimeKey EJBCA versions prior to 7.9.0 Description: An issue was discovered related to possible inconsistencies in DNS identifiers submitted in an ACME order and the corresponding CSR submitted during finalization. During the ACME...
Primekey Solutions PrimeKey EJBCA Trust Management Issue Vulnerability
Primekey Solutions PrimeKey EJBCA is a full-featured CA system software from Primekey Solutions, Sweden. The software is used for domain certificate management, enrollment and enrollment-to-certificate validation and other functions to achieve access security. A security vulnerability in Primekey...
mariadb: server crash in create_tmp_table::finalize
A flaw was found in MariaDB. The component, Create_tmp_table::finalize, allows attackers to cause a denial of service (DoS) via specially crafted SQL statements, affecting availability...
JPEGLock.lockFor can relock for specific nft, which overwrites previous lock and cause JPEG loss of the locker
Lines of code Vulnerability details Impact NFTVault contract allows anyone to finalize a pending NFT value proposal by calling the finalizePendingNFTValueETH function. A finalizer must lock an equivalent amount of JPEG tokens to the proposed NFT value in JPEGLock, and can only withdraw those toke...
No guarantee sale organizer will fulfil their end of the deal
Lines of code Vulnerability details Impact Sale participants will only be able to claim their CTDL tokens once the sale is finalized. However, there is no guarantee that it ever will be, because: Sale finalisation can only be performed by the owner The owner is able to change the sale parameters...
Add liquidity before phase 3 can force the launch event to stop
Handle WatchPug Vulnerability details function createPair() external isStopped(false) atPhase(Phase.PhaseThree) { (address wavaxAddress, address tokenAddress) = (address(WAVAX), address(token)); require(factory.getPair(wavaxAddress, tokenAddress) == address(0) || IJoePair(IJoeFactory(factory).getPair(wavaxAddress,...
UBUNTU-CVE-2022-21682
Flatpak is a Linux application sandboxing and distribution framework. A path traversal vulnerability affects versions of Flatpak prior to 1.12.3 and 1.10.6. flatpak-builder applies finish-args last in the build. At this point the build directory will have the full access that is specified in the...
Python -- multiple vulnerabilities
Python reports: bpo-41162: Audit hooks are now cleared later during finalization to avoid missing events. bpo-29778: Ensure python3.dll is loaded from correct locations when Python is embedded...
App Layering 2001: Can't Finalize Layer - An error occurred while finalizing version '1.7' of Layer 'Windows 10 1909 German'
After installing the latest Cumulative Update, Cannot finalize the Version. Getting Error Message: An error occurred while finalizing version '1.7' of Layer 'Windows 10 1909 German'...
Patch Data Finalization
Binary data patchfinalize.nbin...
UBUNTU-CVE-2018-1114
It was found that URLResource.getLastModified in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak...
undertow: File descriptor leak caused by JarURLConnection.getLastModified() allows attacker to cause a denial of service
It was found that URLResource.getLastModified in Undertow closes the file descriptors only when they are finalized which can cause file descriptors to exhaust. This leads to a file handler leak...